In this episode..   ImageTragick - major flaw in open source image processing toolkit ImageTragick is CVE-2016-3714 Logo & Website: https://imagetragick.com Has a logo, so it must be yuge Is this really that big of a deal? How many are impacted potentially? https://blog.sucuri.net/2016/05/imagemagick-remote-command-execution-vulnerability.html Remote code execution, with minor caveats - likely darn near everywhere Detroit company loses $495k to wire fraud Source was a faked email to make a wire transfer Why didn’t someone verify this?! http://www.detroitnews.com/story/news/local/oakland-county/2016/05/03/troy-investment-company-hacked/83879240/ Will insurance pay out? Is the policy change too little too late? How can other companies learn from this? The Ransomware Epidemic (Optiv blog) Is there an epidemic at play here? Why the switch to ransoming people’s data Is this a viable business model for cyber criminals? https://www.optiv.com/blog/ransomware-part-1-is-this-an-epidemic Undetectable flaw in Qualcomm-powered Android phones is a huge deal Input sanitization flaw (again?!) At risk is 34% users running Android 4.3 and earlier Text messages and call histories accessible in plain text An "undetectable" software flaw in Qualcomm Snapdragon-powered Android smartphones could lay bare users' text messages and call histories to hackers http://www.computing.co.uk/ctg/news/2457217/undetectable-qualcomm-code-vulnerability-lays-bare-android-users-text-messages-and-call-histori White Hat hacker sent to the clink for going too far Found (accidentally?) a SQL Injection flaw then used a tool to pull data out Obviously went too far, right? Where was the 'responsible' or 'reasonable' notification to victim? This headline is deceptive, and misrepresents the story: http://www.infosecurity-magazine.com/news/white-hat-researcher-jailed Hat-tip to Troy Hunt for a sane evaluation: http://windowsitpro.com/troy-hunts-security-sense/security-sense-when-security-researcher-arrested-there-s-usually-good-reas